Get the real IP address from Cloudflare

Pre requisites

You may need to install the Real IP Module if this is on bare metal

---

title: Install Nginx Extras

Why

Some configs in NGINX need the nginx-extras

How

apt-get install nginx-extras

If you are using docker, then it's installed from the get go!

Create cloudflare IP file

Depending on what system you are using, this location may change.

On most installs the file is created in /etc/nginx so we will do that here.

cd /etc/nginx
touch cloudflare.conf

Edit the cloudflare file

NanoVim

nano cloudflare.conf

vi cloudflare.conf

In the window that opened, paste in the below

real_ip_recursive on;
real_ip_header CF-Connecting-IP;

#v4
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 131.0.72.0/22;

# V6
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;

What does this do

This tells nginx that any time it sees one of these IP ranges, it should look at the header CF-Connecting-IP that gets sent and then use that as the connecting IP

using this file in nginx

For argument’s sake, we will make the below assumptions

• Location of the config file: /etc/nginx/cloudflare.conf
• Location of the nginx config we want to fix: /etc/nginx/bookstack.conf

We need to edit the config of a site we want to resolve the IP issue to

NanoVim

nano /etc/nginx/bookstack.conf

vi /etc/nginx/bookstack.conf

Your config file should look something like the below

server {

    listen       80;
    listen  [::]:80;

    root /var/www/documentation;
    index  index.html;
}

We then need to tell nginx to include another config file with the include clause

include /etc/nginx/cloudflare.conf;

So now our file looks like the below

server {

    listen       80;
    listen  [::]:80;

    root /var/www/documentation;
    index  index.html;
+   include /etc/nginx/cloudflare.conf;
}

Check the config is valid

nginx -t

you should see the below

nginx: the configuration file <> syntax is ok
nginx: the configuration file <> test is successful

Restart nginx

systemctl restart nginx

---

Want to make this site better? Open a PR or help fund hosting costs